7716 matches found

CNVD
added 2021/06/30 12:0 a.m., 8 views

ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-46876)

ZrLog is a blog/CMS program developed in Java that is minimalist, easy to use, componentized, and has a low memory footprint. A cross-site scripting vulnerability exists in ZrLog version 2.1.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the userName and email...

6.1 CVSS, 6.1 AI score, 0.00574 EPSS
Exploits: 1, References: 1

Kitploit
added 2021/06/29 9:30 p.m., 29 views

S3-Account-Search - S3 Account Search

This tool lets you find the account id an S3 bucket belongs to. For this to work you need to have at least one of these permissions: Permission to download a known file from the bucket s3:getObject. Permission to list the contents of the bucket s3:ListBucket. Additionally, you will need a role...

7.2 AI score
Exploits: 0, References: 1

Packet Storm
added 2021/06/28 12:0 a.m., 169 views

WordPress YOP Polls 6.2.7 Cross Site Scripting

Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting XSS Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Vendor Homepage: https://yop-poll.com/ Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/ Software Link:...

7.4 AI score
Exploits: 0

Kitploit
added 2021/06/27 9:30 p.m., 71 views

Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...

7.3 AI score
Exploits: 0, References: 1

Packet Storm
added 2021/06/25 12:0 a.m., 192 views

Lightweight Facebook-Styled Blog Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...

0.1 AI score
Exploits: 0

0day.today
added 2021/06/25 12:0 a.m., 55 views

Lightweight facebook-styled blog Authenticated Remote Command Execution Exploit

This module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweig...

0.3 AI score
Exploits: 0

Exploit DB
added 2021/06/25 12:0 a.m., 959 views

Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2021/06/23 12:0 a.m., 4 views

The vulnerability of the CMS system Super CMS Blog Pro PHP Script, which arises due to insufficient validation of input data, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the CMS system Super CMS Blog Pro PHP Script exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...

10 CVSS, 5.2 AI score
Exploits: 0, References: 2, Affected Software: 1

Krebs on Security
added 2021/06/16 2:42 p.m., 23 views

Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP's victims this year alone include Stanford University Medical School, the University of...

7.1 AI score
Exploits: 0

GithubExploit
added 2021/06/12 5:22 a.m., 114 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

CVE-2021-3560 a reliable C based exploit for CVE-2021-3560...

7.8 CVSS, 8.6 AI score, 0.22193 EPSS
Exploits: 37

Wired Threat Level
added 2021/06/11 4:51 p.m., 33 views

The FBI's Anom Stunt Rattles the Encryption Debate

The agency spent years running a secure phone network for criminals. So much for “going dark.”...

2.6 AI score
Exploits: 0

CNVD
added 2021/06/11 12:0 a.m., 9 views

File upload vulnerability in web-blogs

web-blog is a web personal blog management system. A file upload vulnerability exists in web-blog. An attacker can exploit the vulnerability to upload arbitrary php scripts to gain server control privileges...

7.4 AI score
Exploits: 0

ThreatPost
added 2021/06/09 4:17 p.m., 121 views

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library. Details about the advisories can be foun...

8.1 CVSS, 7.2 AI score, 0.0085 EPSS
Exploits: 2, References: 18

OSV
added 2021/06/09 2:15 a.m., 1 views

CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

5.3 CVSS, 6 AI score, 0.00993 EPSS
Exploits: 0, References: 2

NVD
added 2021/06/09 2:15 a.m., 8 views

CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

5.3 CVSS, 0.00993 EPSS
Exploits: 0, References: 2

Prion
added 2021/06/09 2:15 a.m., 10 views

Improper access control

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

5 CVSS, 5.1 AI score, 0.00993 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2021/06/09 1:5 a.m., 53 views

CVE-2021-20728

The CVE-2021-20728 entry concerns goo blog App (Android <=1.2.25, iOS

5.3 CVSS, 5 AI score, 0.00993 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/06/09 1:5 a.m., 15 views

CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

5.3 AI score, 0.00993 EPSS
Exploits: 0, References: 2

CNVD
added 2021/06/09 12:0 a.m., 4 views

Simple-Log Cross-Site Request Forgery Vulnerability (CNVD-2021-40777)

Simple-Log is an open source free blog system based on PHP+MySQL. A cross-site request forgery vulnerability exists in Simple-Log v1.6, which is caused by Simple-Log not adequately verifying that requests come from trusted users. The vulnerability can be exploited to gain privileges and execute...

8.8 CVSS, 7.8 AI score, 0.01054 EPSS
Exploits: 1, References: 1

OSV
added 2021/06/08 8:10 p.m., 16 views

GHSA-V9W8-HQ92-V39M Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

5.4 CVSS, 5.4 AI score, 0.00731 EPSS
Exploits: 0, References: 4